protect some REST endpoints with an API key?

I would like to build a premium plugin. My idea is that the REST endpoint of my API website would be protected by an API key. On the client side, admin would have to enter its API key in the plugin settings. When a request is made by the plugin to the API website, the API key would be checked before returning a response. I’m currently trying to make that work with the JWT Authentication for the WP REST API plugin, but i’m not sure it is a good choice; i’ve not managed yet to make it work since it generates a user token but they do expire after a while. I’ve asked the author to help but I got no reply for the moment. Do you think it using JWT Authentication for the WP REST API plugin is a good starting point ? How would you handle this ? Thanks